update getfields funcs
davydovct committed Dec 6, 2018
1 parent b3b0f84 commit 1a67fc1
Showing 1 changed file with 215 additions and 47 deletions.
262 changes: 215 additions & 47 deletions cleantalk.antispam/include.php
Expand Up @@ -96,47 +96,215 @@ static function CleantalkDie($message)
}
die();
}
/**
* Get all fields from array
* @param string email variable
* @param string message variable
* @param array array, containing fields
*/

static function CleantalkGetFields(&$email,&$message,$arr)
/*
* Get data from submit recursively
*/
static public function CleantalkGetFields($arr, $message=array(), $email = null, $nickname = array('nick' => '', 'first' => '', 'last' => ''), $subject = null, $contact = true, $prev_name = '')
{
$is_continue=true;
foreach($arr as $key=>$value)
{
if(strpos($key,'ct_checkjs')!==false)
{
$email=null;
$message='';
$is_continue=false;
//Skip request if fields exists
$skip_params = array(
'ipn_track_id', // PayPal IPN #
'txn_type', // PayPal transaction type
'payment_status', // PayPal payment status
'ccbill_ipn', // CCBill IPN
'ct_checkjs', // skip ct_checkjs field
'api_mode', // DigiStore-API
'loadLastCommentId', // Plugin: WP Discuz. ticket_id=5571
);

// Fields to replace with ****
$obfuscate_params = array(
'password',
'pass',
'pwd',
'pswd'
);

// Skip feilds with these strings and known service fields
$skip_fields_with_strings = array(
// Common
'ct_checkjs', //Do not send ct_checkjs
'nonce', //nonce for strings such as 'rsvp_nonce_name'
'security',
// 'action',
'http_referer',
'timestamp',
'captcha',
// Formidable Form
'form_key',
'submit_entry',
// Custom Contact Forms
'form_id',
'ccf_form',
'form_page',
// Qu Forms
'iphorm_uid',
'form_url',
'post_id',
'iphorm_ajax',
'iphorm_id',
// Fast SecureContact Froms
'fs_postonce_1',
'fscf_submitted',
'mailto_id',
'si_contact_action',
// Ninja Forms
'formData_id',
'formData_settings',
'formData_fields_\d+_id',
'formData_fields_\d+_files.*',
// E_signature
'recipient_signature',
'output_\d+_\w{0,2}',
// Contact Form by Web-Settler protection
'_formId',
'_returnLink',
// Social login and more
'_save',
'_facebook',
'_social',
'user_login-',
// Contact Form 7
'_wpcf7',
'avatar__file_image_data',
);
$fields_exclusions = CleantalkCustomConfig::get_fields_exclusions();
if ($fields_exclusions)
array_merge($skip_fields_with_strings,$fields_exclusions);
// Reset $message if we have a sign-up data
$skip_message_post = array(
'edd_action', // Easy Digital Downloads
);

foreach($skip_params as $value){
if(@array_key_exists($value,$_GET)||@array_key_exists($value,$_POST))
$contact = false;
} unset($value);

if(count($arr)){
foreach($arr as $key => $value){

if(gettype($value)=='string'){
$decoded_json_value = json_decode($value, true);
if($decoded_json_value !== null)
$value = $decoded_json_value;
}

if(!is_array($value) && !is_object($value)){

if (in_array($key, $skip_params, true) && $key != 0 && $key != '' || preg_match("/^ct_checkjs/", $key))
$contact = false;

if($value === '')
continue;

// Skipping fields names with strings from (array)skip_fields_with_strings
foreach($skip_fields_with_strings as $needle){
if (preg_match("/".$needle."/", $prev_name.$key) == 1){
continue(2);
}
}unset($needle);

// Obfuscating params
foreach($obfuscate_params as $needle){
if (strpos($key, $needle) !== false){
$value = CleantalkAntispam::CleantalkObfuscateParam($value);
continue(2);
}
}unset($needle);


// Decodes URL-encoded data to string.
$value = urldecode($value);

// Email
if (!$email && preg_match("/^\S+@\S+\.\S+$/", $value)){
$email = $value;

// Names
}elseif (preg_match("/name/i", $key)){

preg_match("/((name.?)?(your|first|for)(.?name)?)$/", $key, $match_forename);
preg_match("/((name.?)?(last|family|second|sur)(.?name)?)$/", $key, $match_surname);
preg_match("/^(name.?)?(nick|user)(.?name)?$/", $key, $match_nickname);

if(count($match_forename) > 1)
$nickname['first'] = $value;
elseif(count($match_surname) > 1)
$nickname['last'] = $value;
elseif(count($match_nickname) > 1)
$nickname['nick'] = $value;
else
$message[$prev_name.$key] = $value;

// Subject
}elseif ($subject === null && preg_match("/subject/i", $key)){
$subject = $value;

// Message
}else{
$message[$prev_name.$key] = $value;
}
}
if($is_continue)
{
foreach($arr as $key=>$value)
{
if(!is_array($value))
{
if ($email === null && preg_match("/^\S+@\S+\.\S+$/", $value))
{
$email = $value;
}
else
{
$message.="$value\n";
}
}
else
{
CleantalkAntispam::CleantalkGetFields($email,$message,$value);
}

}elseif(!is_object($value)){

$prev_name_original = $prev_name;
$prev_name = ($prev_name === '' ? $key.'_' : $prev_name.$key.'_');

$temp = CleantalkAntispam::CleantalkGetFields($value, $message, $email, $nickname, $subject, $contact, $prev_name);

$message = $temp['message'];
$email = ($temp['email'] ? $temp['email'] : null);
$nickname = ($temp['nickname'] ? $temp['nickname'] : null);
$subject = ($temp['subject'] ? $temp['subject'] : null);
if($contact === true)
$contact = ($temp['contact'] === false ? false : true);
$prev_name = $prev_name_original;
}
} unset($key, $value);
}

foreach ($skip_message_post as $v) {
if (isset($_POST[$v])) {
$message = null;
break;
}
} unset($v);

//If top iteration, returns compiled name field. Example: "Nickname Firtsname Lastname".
if($prev_name === ''){
if(!empty($nickname)){
$nickname_str = '';
foreach($nickname as $value){
$nickname_str .= ($value ? $value." " : "");
}unset($value);
}
}
$nickname = $nickname_str;
}

$return_param = array(
'email' => $email,
'nickname' => $nickname,
'subject' => $subject,
'contact' => $contact,
'message' => $message
);
return $return_param;

}

/**
* Masks a value with asterisks (*) Needed by the getFieldsAny()
* @return string
*/
static public function CleantalkObfuscateParam($value = null) {
if ($value && (!is_object($value) || !is_array($value))) {
$length = strlen($value);
$value = str_repeat('*', $length);
}

return $value;
}

/**
* Checking all forms for spam
Expand Down Expand Up @@ -252,27 +420,27 @@ public function OnPageStartHandler()
(isset($_POST['order']['action']) && $_POST['order']['action'] == 'refreshOrderAjax')|| // Order AJAX refresh
(isset($_POST['order']['action']) && $_POST['order']['action'] == 'saveOrderAjax') ||
(isset($_POST['action']) && $_POST['action'] == 'refreshOrderAjax') ||
(isset($_POST['action']) && $_POST['action'] == 'saveOrderAjax')
(isset($_POST['action']) && $_POST['action'] == 'saveOrderAjax') ||
strpos($_SERVER['REQUEST_URI'],'/user-profile.php?update=Y')!==false
)
{
return;
}

$sender_email = null;
$message = '';
CleantalkAntispam::CleantalkGetFields($sender_email,$message,$_POST); //Works via links need to be fixed
if ($sender_email === null)
CleantalkAntispam::CleantalkGetFields($sender_email,$message,$_GET);
$ct_temp_msg_data = CleantalkAntispam::CleantalkGetFields($_POST); //Works via links need to be fixed

if ($ct_temp_msg_data === null)
CleantalkAntispam::CleantalkGetFields($_GET);

if($sender_email!==null || $ct_global_without_email == 1)
{
$arUser = array();
$arUser["type"] = "feedback_general_contact_form";
$arUser["sender_email"] = $sender_email;
$arUser["sender_nickname"] = '';
$arUser["sender_email"] = ($ct_temp_msg_data['email'] ? $ct_temp_msg_data['email'] : '');
$arUser["sender_nickname"] = ($ct_temp_msg_data['nickname'] ? $ct_temp_msg_data['nickname'] : '');
$arUser["sender_ip"] = $_SERVER['REMOTE_ADDR'];
$arUser["message_title"] = "";
$arUser["message_body"] = $message;
$arUser["message_title"] = ($ct_temp_msg_data['subject'] ? $ct_temp_msg_data['subject'] : '');
$arUser["message_body"] = ($ct_temp_msg_data['message'] ? $ct_temp_msg_data['message'] : '');
$arUser["example_title"] = "";
$arUser["example_body"] = "";
$arUser["example_comments"] = "";
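Review bot: The context line `if($sender_email!==null || $ct_global_without_email == 1)` now tests a variable nothing assigns, because the removed `$sender_email = null; … CleantalkGetFields($sender_email,$message,$_POST)` lines were replaced by `$ct_temp_msg_data = CleantalkAntispam::CleantalkGetFields($_POST);` without carrying the email over, so the "sender email present" gate silently collapses to the `$ct_global_without_email` setting alone (with an undefined-variable notice). The `if ($ct_temp_msg_data === null)` fallback to `$_GET` can never fire either, since the first hunk's function always returns the `$return_param` array, and the fallback's return value is discarded anyway. Suggested replacement for the two lines after the first call: `if ($ct_temp_msg_data['email'] === null) $ct_temp_msg_data = CleantalkAntispam::CleantalkGetFields($_GET);` followed by `$sender_email = $ct_temp_msg_data['email'];`. In the first hunk the configured exclusions are likewise never applied, because `array_merge($skip_fields_with_strings,$fields_exclusions);` discards its result; it should read `$skip_fields_with_strings = array_merge($skip_fields_with_strings, $fields_exclusions);`. Note also that `message_body` now receives the array built by `$message[$prev_name.$key] = $value` where the old code passed a newline-joined string — whether the consumer accepts an array is not visible here, and OnPageStartHandler itself starts and ends outside this hunk.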
